zs5n5sI6N2.dll

Status: finished

Submission Time: 2022-05-25 11:17:13 +02:00

Malicious

E-Banking Trojan

Trojan

Evader

Ursnif

Comments

Details

Analysis ID:
633919
API (Web) ID:
1001421
Analysis Started:

2022-05-25 11:25:19 +02:00
Analysis Finished:

2022-05-25 11:42:20 +02:00
MD5:
9ce6868cb546819a7ba2fc27f91a3777
SHA1:
6052120b0375f44ede4985ad98f7bd89beb70c2b
SHA256:
fc4bee1a68545b7067fad93ba74478641acd683117f9fe478a4941d7146db959
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

Score: 17/41

malicious

IPs

IP	Country	Detection
176.10.119.68	Switzerland

URLs

Name	Detection
http://176.10.119.68/
http://176.10.119.68/drew/ELiX5C1LBrOXGVb_2F7VT_2/F3y7AZYCgC/OAzMBADjwIAAgevJ7/Ln8DdTMzAOtI/oaRRlHeZ
http://176.10.119.68/drew/bht18BKt3t1ka1/EyRQXKSxK1fGGVQT69xe7/l12WvU97arR8lucE/BPan_2BqxdC9XZm/a6pB9pAoQo46tq53qB/yLUp2d5T9/j5s74YMStQa0vycAYVnz/i1_2BT1sbtGbsqmiKYJ/utxS2UAD48D_2FhKmTNhPj/C7HmcyJhh_2BI/RoK5qxzW/AONvbwwgZ6joXACVCUjXkBm/TrT5RUjDbT/JqnBRntI67DVKvl4U/zabjaRP4H3Fa/y7F2cIC4htT/NfLmrAWL7x6jSO/onSOjeHvFKi2HNfNhR_2F/KXsh6.jlk
Click to see the 6 hidden entries
http://176.10.119.68/drew/RGq_2BVJ/3BCdlnfIA49R8s_2BXe1s3i/VFrZ4awbB4/zmZ34_2Bwuhkj_2Fp/SYr8rby3ftco/TjSDtFakSde/soGhjhBV5Tb5mX/q7nM_2FDyGsXlD3E3A4fe/_2ByGCIGrgekC2k4/_2BIghzEoEtICMG/eMdl_2FVYz1Gzr3rXb/6bQxvF882/0gJazcAIQC6vmyI4DEnR/k0LRXXmFX8YlpSLVUNq/6DaeywiN2GwHaJFGl8Ik7G/m9UBKgfO4ybSV/fnhYeS0x/hab1JQvgZCtDWyU/A.jlk
http://176.10.119.68/drew/bht18BKt3t1ka1/EyRQXKSxK1fGGVQT69xe7/l12WvU97arR8lucE/BPan_2BqxdC9XZm/a6pB
http://176.10.119.68/drew/RGq_2BVJ/3BCdlnfIA49R8s_2BXe1s3i/VFrZ4awbB4/zmZ34_2Bwuhkj_2Fp/SYr8rby3ftco
http://https://file://USER.ID%lu.exe/upd
http://constitution.org/usdeclar.txt
http://constitution.org/usdeclar.txtC:

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Temp\0rxpcrxp\0rxpcrxp.0.cs	UTF-8 Unicode (with BOM) text	#
C:\Users\user\Documents\20220525\PowerShell_transcript.468325.mIKzyOcS.20220525112740.txt	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\rn2v1u0v\rn2v1u0v.out	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators	#
Click to see the 26 hidden entries
C:\Users\user\AppData\Local\Temp\rn2v1u0v\rn2v1u0v.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\rn2v1u0v\rn2v1u0v.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\rn2v1u0v\rn2v1u0v.0.cs	UTF-8 Unicode (with BOM) text	#
C:\Users\user\AppData\Local\Temp\rn2v1u0v\CSCE8729092494447E68BAFD2B3DE7C4FE.TMP	MSVC .res	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_y5tkumna.vlc.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pnpdahnp.it4.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\RESDBAB.tmp	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols	#
C:\Users\user\AppData\Local\Temp\RESBB61.tmp	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols	#
C:\Users\user\AppData\Local\Temp\0rxpcrxp\CSC81748258BEC6426288BE9680C960B04E.TMP	MSVC .res	#
C:\Users\user\AppData\Local\Temp\0rxpcrxp\0rxpcrxp.out	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators	#
C:\Users\user\AppData\Local\Temp\0rxpcrxp\0rxpcrxp.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\0rxpcrxp\0rxpcrxp.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_2ce29cfeeebc853567a148791f146b4541ff5338_7cac0383_0c0874ee\Report.wer	Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache	data	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA7A9.tmp.xml	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA650.tmp.WERInternalMetadata.xml	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9CE9.tmp.dmp	Mini DuMP crash report, 15 streams, Wed May 25 09:26:51 2022, 0x1205a4 type	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8461.tmp.xml	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER82CA.tmp.WERInternalMetadata.xml	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7FAC.tmp.dmp	Mini DuMP crash report, 15 streams, Wed May 25 09:26:42 2022, 0x1205a4 type	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER72FC.tmp.xml	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7136.tmp.WERInternalMetadata.xml	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6E47.tmp.dmp	Mini DuMP crash report, 15 streams, Wed May 25 09:26:37 2022, 0x1205a4 type	#
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_5a7bdef4ffd6df7a7664cf7158b49db77a1e6c9_7cac0383_07688b93\Report.wer	Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_34661168243cfabc5e1ee2a141f8dfa8ff2298_7cac0383_1454ac5a\Report.wer	Little-endian UTF-16 Unicode text, with CRLF line terminators	#

zs5n5sI6N2.dll

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

URLs

Dropped files

zs5n5sI6N2.dll Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

URLs

Dropped files

Search started

zs5n5sI6N2.dll